Facebook users being targeted by criminals sending messages through friends' accounts

'After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg'

Aatif Sulleyman
Friday 25 August 2017 10:22 BST
Comments
On Chrome, targets are taken to a fake version of YouTube
On Chrome, targets are taken to a fake version of YouTube (Getty)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Cyber criminals are spreading malware through Facebook, by posing as friends of their victims.

They’re sending dodgy links to users through Messenger, which lead to fake, but legitimate-looking, versions of popular websites, such as YouTube.

Pop-up messages on these sites then encourage the targets to download malicious software.

The malware campaign was spotted by Kaspersky security researcher David Jacoby, who was himself targeted.

He said he received a Facebook message from a person he “very rarely” speaks to, comprising the words “David Video”, a shocked emoji and a bit.ly link.

“After just a few minutes analyzing the message, I understood that I was just peeking at the top of this iceberg. This malware was spreading via Facebook Messenger, serving multi platform malware/adware, using tons of domains to prevent tracking, and earning clicks,” he said.

“The initial spreading mechanism seems to be Facebook Messenger, but how it actually spreads via Messenger is still unknown. It may be from stolen credentials, hijacked browsers or clickjacking.”

According to Mr Jacoby, the link leads to a Google Doc that displays what looks like a playable video, using a blurred-out picture taken from the victim’s Facebook page.

Clicking this takes you to one of a number of websites, which can change depending on your browser, location and operating system.

For instance, on Chrome Mr Jacoby was taken to a fake version of YouTube, which tried to trick him into downloading a malicious Chrome extension.

On Firefox and Safari, meanwhile, he was taken to a site displaying a fake Flash Update notice.

“The people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” added Mr Jacoby.

“Please make sure that you don’t click on these links, and please update your antivirus!”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in